Securing Amazon S3 Data Is Not Optional
It feels like Amazon S3 isn’t always given the care and feeding it deserves. Horror stories make the cybersecurity news too often, usually accidental leakage of data from unsecured S3 buckets. We wrote about the importance of smart bucket policies before, and AWS updated default settings recently. Since it’s better safe than sorry, we wanted to share some insightful lessons we gathered to help you in securing Amazon S3 data.
PAINFUL LESSONS
LastPass Attacker Compromised Employee’s Personal Machine
The attacker who gained access to the LastPass cloud storage service last year and made off with some customer data gained initial access to the company’s systems after compromising an engineer’s home machine and stealing the employee’s company credentials, access the LastPass vault, and eventually gain access to the keys for Amazon S3 buckets that stored customer data and encrypted vault data.
UK Healthcare Platform, Lantum, Leaked 98k Files
During a routine open-source intelligence (OSINT) method on February 21, the Cybernews research team found a misconfigured Amazon AWS S3 bucket — storing 98,000 files — on Amazon Web Services. The team attributed the data breach to Lantum, a healthcare workforce management platform based in the United Kingdom.
Toyota Spewed Vehicle Location Data for Millions onto Unsecured Cloud Databases for 10 Years
Toyota admitted Friday that it had parked the data of millions of drivers – including vehicle location data – on a publicly available cloud database for over a decade owing to human error that went undetected.
More UK Councils Caught by Capita’s Open AWS Bucket Blunder
The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March’s mega breach.
US No-Fly List Leaked via Airline Dev Server
CommuteAir, a United Airlines puddle-jumper affiliate, leaked the federal government’s No-Fly and “Selectee” lists. Or, at least, a snapshot from 2019—totaling more than 1.8 million entries. Not only that, but detailed personal info on almost 1,000 employees. The vulnerability was an unsecured Jenkins server that contained secret credentials for more than 40 public-cloud storage buckets.
SOLUTIONS
10 Essential Tips for Protecting Your Amazon S3 Data from Cyber Threats
We will take a closer look at the ten essential tips for protecting Amazon S3 data from cyber threats to help ensure that your data is secure and your business can enjoy the benefits of cloud storage with peace of mind.
Top 10 Security Best Practices for Securing Data in Amazon S3
With more than 100 trillion objects in Amazon S3 and an almost unimaginably broad set of use cases, securing data stored in Amazon S3 is important for every organization. So, we’ve curated the top 10 controls for securing your data in S3.
Leave A Comment